Abstract
Traditionally, network and security operation center teams have worked in silos despite commonalities. The network operating center (NOC) team is responsible for the operationality and availability of information technology (IT) assets, while the security operation center (SOC) team is responsible for securing IT assets and protecting them from cyber-security attacks. The convergence of IT assets and the exponential growth in cyber-security threats in the present digital-online scenario have created many challenges in maintaining network and IT assets effectively and protecting them. It is vital to break these silos and bring the teams under one integrated unit to effectively counter cyber-security attacks, threats, and vandalism at a reduced operational cost. Despite its necessity, the relevant literature lacks an opinion. It focuses mainly on conceptual segments instead of a holistic view of an integrated NOC and SOC architecture, limiting further innovations in the field. In this paper, a systematic literature review and analysis is conducted to collate and understand current research ideas. The mapped relevant literature and our expertise are then used to propose an implementable state-of-the-art architecture of an integrated NOC and SOC, its definition, its main building blocks, and its usefulness for organizations. The major limitation of the relevant literature is that, in automating and integrating the processes of NOC and SOC, only people's explicit knowledge is considered while their tacit knowledge is neglected. Tapping people's tacit knowledge is necessary for utilizing the entire caliber of the NOC and SOC integration in the future.
Cite
Shahjee, D., & Ware, N. (2022). Integrated Network and Security Operation Center: A Systematic Analysis. IEEE Access, 10, 27881–27898. https://doi.org/10.1109/ACCESS.2022.3157738